North Korean Group Kimsuky Targets Government Agencies With New Malware
North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason's security researchers say.
In a newly published report, Cybereason's Nocturnus team provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH SPY, and a new malware downloader called CSPY Downloader.
The new malware, Nocturnus researchers told SecurityWeek, appears to be only months old, but evidence suggests it might have already been used in attacks targeting certain government agencies and human rights activists.
The new tools show code similarities with known Kimsuky malware, and server infrastructure that the threat actor has employed in recent attacks overlaps with infrastructure previously associated with the group, the researchers say.
The investigation into the new malware has revealed that the attackers modified the creation/compilation timestamps of their new tools to make them appear to have been created in 2016.
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS
- North Korean hackers use new macOS malware against crypto firms
- North Korean Hackers Target macOS Using Flutter-Embedded Malware